Feature: Disable stoping of addon after finding vulnerability #20

Merged
merged 20 commits into from
Oct 19, 2023
Merged
90947e4
feature/stop-addon-vulnerability adding checkbox
TomerPacific Oct 12, 2023
bb6893b
feature/stop-addon-vulnerability logic to reset checkbox
TomerPacific Oct 12, 2023
9b15ced
feature/stop-addon-vulnerability logic to add flag to configuration
TomerPacific Oct 13, 2023
ef0ff6c
feature/stop-addon-vulnerability logic to save new flag
TomerPacific Oct 13, 2023
b9d1500
feature/stop-addon-vulnerability removing throws Exception as it is r…
TomerPacific Oct 13, 2023
be23292
feature/stop-addon-vulnerability adding getter method for flag
TomerPacific Oct 13, 2023
e63e489
feature/stop-addon-vulnerability getting flag from configuration and …
TomerPacific Oct 13, 2023
66219f0
feature/stop-addon-vulnerability reverting code
TomerPacific Oct 14, 2023
591c9ad
feature/stop-addon-vulnerability adding property for checkbox
TomerPacific Oct 14, 2023
384bbfd
feature/stop-addon-vulnerability using localized string for checkbox
TomerPacific Oct 14, 2023
664c534
feature/stop-addon-vulnerability logic to check condition if should c…
TomerPacific Oct 15, 2023
ca6996b
feature/stop-addon-vulnerability adding message for checkbox
TomerPacific Oct 15, 2023
24d4ca7
feature/stop-addon-vulnerability adding logic to set checkbox status …
TomerPacific Oct 16, 2023
775e09f
feature/stop-addon-vulnerability changing label of checkbox
TomerPacific Oct 16, 2023
cb1d817
feature/stop-addon-vulnerability adding logic to set checkbox status …
TomerPacific Oct 16, 2023
a6dfe48
feature/stop-addon-vulnerability trying to left align label
TomerPacific Oct 18, 2023
d9d7bf2
feature/stop-addon-vulnerability logic to take into account flag
TomerPacific Oct 18, 2023
7faaea4
feature/stop-addon-vulnerability renaming variable
TomerPacific Oct 18, 2023
f1667a7
feature/stop-addon-vulnerability creating jpanel to put label and che…
TomerPacific Oct 18, 2023
d73422f
feature/stop-addon-vulnerability making checbkox left align
TomerPacific Oct 18, 2023
@@ -1,5 +1,5 @@
/**
* Copyright 2021 SasanLabs
* Copyright 2023 SasanLabs
*
* <p>Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License at
@@ -29,6 +29,7 @@
import org.sasanlabs.fileupload.attacks.rce.php.SimplePHPFileUpload;
import org.sasanlabs.fileupload.attacks.xss.HtmlFileUpload;
import org.sasanlabs.fileupload.attacks.xss.SVGFileUpload;
import org.sasanlabs.fileupload.configuration.FileUploadConfiguration;
import org.sasanlabs.fileupload.exception.FileUploadException;

/**
@@ -70,11 +71,15 @@ public FileUploadAttackExecutor(
}

public boolean executeAttack() throws FileUploadException {

Boolean shouldSendRequestsAfterFindingVulnerability =
FileUploadConfiguration.getInstance().getSendRequestsAfterFindingVulnerability();

for (AttackVector attackVector : attackVectors) {
if (this.fileUploadScanRule.isStop()) {
return false;
} else {
if (attackVector.execute(this)) {
if (attackVector.execute(this) && !shouldSendRequestsAfterFindingVulnerability) {
return true;
}
}
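Review bot: With the new option enabled, `executeAttack()` can no longer report a finding, because `attackVector.execute(this) && !shouldSendRequestsAfterFindingVulnerability` is never true in that mode. A successful attack vector then falls through to whatever follows the loop, which lies outside this hunk and presumably returns `false`. If the caller uses the return value, record the result instead of discarding it: set `vulnerabilityFound = true;` when `execute` succeeds, return early only when the flag is off, and end the method with `return vulnerabilityFound;`.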
@@ -1,5 +1,5 @@
/**
* Copyright 2021 SasanLabs
* Copyright 2023 SasanLabs
*
* <p>Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License at
@@ -39,12 +39,16 @@ public class FileUploadConfiguration extends VersionedAbstractParam {
PARAM_BASE_KEY + ".parseresponse.startidentifier";
private static final String PARAM_PARSE_RESPONSE_CONFIGURATION_END_IDENTIFIER =
PARAM_BASE_KEY + ".parseresponse.endidentifier";
private static final String PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER =
PARAM_BASE_KEY + ".sendrequests";

private String staticLocationURIRegex;
private String dynamicLocationURIRegex;
private String parseResponseStartIdentifier;
private String parseResponseEndIdentifier;

private Boolean sendRequestsAfterFindingVulnerability;

private static volatile FileUploadConfiguration fileUploadConfiguration;

private FileUploadConfiguration() {}
@@ -105,6 +109,18 @@ public void setParseResponseEndIdentifier(String parseResponseEndIdentifier) {
parseResponseEndIdentifier);
}

public Boolean getSendRequestsAfterFindingVulnerability() {
return sendRequestsAfterFindingVulnerability;
}

public void setSendRequestsAfterFindingVulnerability(boolean shouldSendRequestsAfterFindingVulnerability) {
sendRequestsAfterFindingVulnerability = shouldSendRequestsAfterFindingVulnerability;
this.getConfig()
.setProperty(
PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER,
shouldSendRequestsAfterFindingVulnerability);
}

@Override
protected String getConfigVersionKey() {
return CONFIG_VERSION_KEY;
@@ -125,6 +141,8 @@ protected void parseImpl() {
getConfig().getString(PARAM_PARSE_RESPONSE_CONFIGURATION_START_IDENTIFIER));
this.setParseResponseEndIdentifier(
getConfig().getString(PARAM_PARSE_RESPONSE_CONFIGURATION_END_IDENTIFIER));
this.setSendRequestsAfterFindingVulnerability(
getConfig().getBoolean(PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER));
}

@Override
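Review bot: The new flag is declared and returned as a boxed `Boolean` with no initial value, so it stays null until `parseImpl()` has completed. The uses in `executeAttack()` (`!shouldSendRequestsAfterFindingVulnerability`) and `initParam()` (`setSelected(...)`) auto-unbox it and would throw a NullPointerException in that state. `parseImpl()` also reads it with `getConfig().getBoolean(KEY)`; assuming `getConfig()` returns a Commons Configuration object, that overload throws when the key is absent, as it would be in a configuration file saved before this option existed. Make the field and getter a primitive `boolean` and read it with `getConfig().getBoolean(PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER, false)`, so the default stays "stop after the first finding". The rest of `parseImpl()` and the class lie outside the visible hunks.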
@@ -1,5 +1,5 @@
/**
* Copyright 2021 SasanLabs
* Copyright 2023 SasanLabs
*
* <p>Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License at
@@ -1,5 +1,5 @@
/**
* Copyright 2021 SasanLabs
* Copyright 2023 SasanLabs
*
* <p>Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License at
@@ -21,6 +21,7 @@
import java.awt.event.ActionListener;
import javax.swing.BoxLayout;
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
@@ -52,6 +53,8 @@ public class FileUploadOptionsPanel extends AbstractParamPanel {
private JTextField parseResponseStartIdentifier;
private JTextField parseResponseEndIdentifier;

private JCheckBox sendRequestsAfterFindingVulnerability;

public FileUploadOptionsPanel() {
super();
this.setName(FileUploadI18n.getMessage("fileupload.settings.title"));
@@ -72,9 +75,25 @@ public FileUploadOptionsPanel() {

private void init(JPanel settingsPanel) {
settingsPanel.add(uriLocatorConfiguration());
settingsPanel.add(buildSendRequestsAfterFindingVulnerabilityCheckbox());
footerPanel.add(getResetButton());
}

private JPanel buildSendRequestsAfterFindingVulnerabilityCheckbox() {
JPanel sendRequestsAfterFindingVulnerabilityPanel = new JPanel();
sendRequestsAfterFindingVulnerabilityPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
JLabel sendRequestsAfterFindingVulnerabilityLabel =
new JLabel(
FileUploadI18n.getMessage(
"fileupload.settings.checkbox.sendrequestsaftervulnerability"));

sendRequestsAfterFindingVulnerability = new JCheckBox();
sendRequestsAfterFindingVulnerabilityPanel.add(sendRequestsAfterFindingVulnerabilityLabel);
sendRequestsAfterFindingVulnerabilityPanel.add(sendRequestsAfterFindingVulnerability);

return sendRequestsAfterFindingVulnerabilityPanel;
}

private JButton getResetButton() {
JButton resetButton = new JButton();
resetButton.setText(FileUploadI18n.getMessage("fileupload.settings.button.reset"));
@@ -225,6 +244,7 @@ private void resetOptionsPanel() {
dynamicLocationConfigurationURIRegex.setText("");
parseResponseStartIdentifier.setText("");
parseResponseEndIdentifier.setText("");
sendRequestsAfterFindingVulnerability.setSelected(false);
}

@Override
@@ -239,6 +259,8 @@ public void initParam(Object optionParams) {
parseResponseStartIdentifier.setText(
fileUploadConfiguration.getParseResponseStartIdentifier());
parseResponseEndIdentifier.setText(fileUploadConfiguration.getParseResponseEndIdentifier());
sendRequestsAfterFindingVulnerability.setSelected(
fileUploadConfiguration.getSendRequestsAfterFindingVulnerability());
}

@Override
@@ -275,7 +297,7 @@ public String getHelpIndex() {
}

@Override
public void saveParam(Object optionParams) throws Exception {
public void saveParam(Object optionParams) {
FileUploadConfiguration fileUploadConfiguration =
((OptionsParam) optionParams).getParamSet(FileUploadConfiguration.class);
fileUploadConfiguration.setStaticLocationURIRegex(
@@ -286,5 +308,7 @@ public void saveParam(Object optionParams) throws Exception {
this.parseResponseStartIdentifier.getText());
fileUploadConfiguration.setParseResponseEndIdentifier(
this.parseResponseEndIdentifier.getText());
fileUploadConfiguration.setSendRequestsAfterFindingVulnerability(
this.sendRequestsAfterFindingVulnerability.isSelected());
}
}
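Review bot: In `buildSendRequestsAfterFindingVulnerabilityCheckbox()` the caption is a separate `JLabel` beside an empty `JCheckBox`, so clicking the text does not toggle the box and the control itself carries no name for assistive technology. Giving the text to the checkbox, `sendRequestsAfterFindingVulnerability = new JCheckBox(FileUploadI18n.getMessage("fileupload.settings.checkbox.sendrequestsaftervulnerability"));`, removes the extra label while the `FlowLayout.LEFT` panel still left-aligns it. A short comment or `setToolTipText(...)` stating that the option makes the scan continue sending upload requests after a finding, and that it is off by default, would document the operational impact for whoever configures the scan.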
@@ -125,4 +125,6 @@ fileupload.scanner.vulnerability.htaccessFile.soln=Follow the suggestions mentio
1. https://portswigger.net/kb/issues/00500980_file-upload-functionality \
2. https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload \
3. https://www.youtube.com/watch?v=CmF9sEyKZNo \
4. https://cwe.mitre.org/data/definitions/434.html
4. https://cwe.mitre.org/data/definitions/434.html

fileupload.settings.checkbox.sendrequestsaftervulnerability=Keep exploiting after discovery